RFR: 8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11 [v5]

[Valerie Peng]

On Wed, 5 Jun 2024 19:39:06 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java line 647:
>> 
>>> 645:             return Enum.valueOf(enumClass, value);
>>> 646:         } catch (IllegalArgumentException ignored) {
>>> 647:             throw excToken(keyword + " must be one of " +
>> 
>> nit: since we are using the `value` for enum conversion, maybe using it instead of `keyword` for the error message? This has the benefit of showing what the parsed value is.
>
> The `value` is completed form the current token by `excToken()`.
> 
> As mentioned in https://github.com/openjdk/jdk/pull/18898#issuecomment-2138360201, if we pass `CS4` (an invalid value), we get the following error:
> 
> cipherTextStealingVariant must be one of [CS1, CS2, CS3], read: Token[CS4], line 33
> 
> 
> Other attributes are parsed in the same way, with similar error messages.

Ok, sounds good.

>> test/jdk/sun/security/pkcs11/Cipher/TestSymmCiphers.java line 84:
>> 
>>> 82: 
>>> 83:         new CI("AES/CTR/NoPadding", "AES", 3200),
>>> 84:         new CI("AES/CTS/NoPadding", "AES", 3200),
>> 
>> Add more data sizes, e.g. not multiples of block sizes?
>
> These edge cases are covered by the new `TestCipherTextStealingMultipart`, here we only wanted to add some cases in line with the CTR addition (4ce804890912ce7a0002c9e631c4dc699ac33c39).

Ok.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1628561079
PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1628560195